Restricting/Locking/Password Protecting Attachments on HR Case Form

Go to solution
Rob Sestito
Mega Sage

‎02-15-2019 08:17 AM

Hello SN Comm,

I want to see if anyone knows a good way to protect attachments that are attached to an HR Case form? Can it be locked to only the Assigned To (and maybe also certain users with a special role, etc.)?

Maybe even having to enter in a password when trying to view the attachment from the Case?? I feel like that idea is pretty far out there, but hey - ya never know what the system can to until you go through it and/ or ask!

Thank you,

-Rob

 

  • 2,687 Views
1 ACCEPTED SOLUTION

Go to solution
Kevin Velovski
Kilo Guru

‎02-17-2019 03:25 PM

Rob,

 

I see most of the replies have been to provide technical solutions within the HR Scoped app using ACLs.

I'm going to suggest another approach for you to think about. The HR Scoped App has an extra application "Employee Document Management". (https://docs.servicenow.com/bundle/london-hr-service-delivery/page/product/human-resources/concept/hr-employee-doc-management.html)

One of the key points with EDM is that it allows you to put security controls around documents associated with Employee's Profile (from cases, etc) via Document Types:

Use document types to:

  • Associate a security policy. Security policies determine who can access employee documents and determine purge authorization.
  • Associate a retention policy. Retention policies determine how long to keep a document and who the document is applicable to.
  • Place a legal hold. Legal holds temporarily prevent document purging or changes to the document.-
  • Allow access to employees.
  • Configure employee documents to be moved automatically when an HR case is closed. Assign a topic detail associated with an HR service that has the Automatically move attachments box checked. See Configure an HR service.

Keep in mind EDM is an extra license cost.

Thanks,

Kevin

View solution in original post

0 Helpfuls
17 REPLIES 17

Go to solution
Cody Smith _ Cl
Tera Guru

‎02-15-2019 08:34 AM

You could create a Read ACL for sys_attachment. Using something similar to this. 

 if(current.table_name == 'hr_case'){
   if(current.sys_created_by == gs.getUserName() || gs.hasRole('The Role you are looking for')){
     return true;
    }else{
      return false;
    }
}

 

If my answer was helpful, or solved your issue, please mark it as Helpful / Correct.
Thank you,
Cody Smith
 

Go to solution
Rob Sestito
Mega Sage
In response to Cody Smith _ Cl

‎02-15-2019 08:50 AM

Hey Cody,

Thanks for replying - as I thought that would be a good way to go actually. I adjusted the code you provided as I would need (correct table and role to use). But I get the following error, and I am unable to see it. Are you able to see it?

find_real_file.png

Thanks,

-Rob

Preview file
31 KB
0 Helpfuls

Go to solution
Rob Sestito
Mega Sage
In response to Cody Smith _ Cl

‎02-15-2019 08:52 AM

Hey - I think I got it.

find_real_file.png

Preview file
22 KB

Go to solution
Cody Smith _ Cl
Tera Guru
In response to Rob Sestito

‎02-15-2019 08:53 AM

Yeah, that looks right.

0 Helpfuls